Huge design flaws (IMO) with Find My iPhone

Discussion in 'iPhone' started by JulianL, Nov 25, 2010.

  1. JulianL macrumors 65816

    Joined:
    Feb 2, 2010
    Location:
    London, UK
    #1
    I just signed up to the free Find My iPhone service and tested it and I've found something that has really surprised me.

    I've just successfully enabled Find My iPhone on my iPhone 4 and I immediately logged onto my MobileMe account from my PC to test it. Because I only have the free account it took me straight to the Find My iPhone page where I saw a map of the world with a pop-up dialog box on the middle of the page that said something like "Locating your iPhone...". It stuck at that point for maybe two minutes and then the "Locating your iPhone..." message got relaced by a red "Location services not enabled" message. I then went to my phone and enabled location services and then hit the refresh button at the top of the MobileMe web page on my PC and within seconds the map changed to a zoom in of my local street with a blue dot where I was. I was then able to send a test message to my phone.

    The above seems to pretty conclusively prove to me that the service needs to have location services enabled in order to work; I'm pretty staggered by this. This is supposed to be a service to keep one's iPhone or iPad safe but all that is needed for a thief to circumvent it is for them to turn off location services! That's crazy. This service is burried deep within iOS so surely it would be trivial to allow it to access the location services even if the user setting is set to off. I know that Apple are very vocal about how they protect the user's security but they could put a big clear message in the setup procedure so that whenever the Find My iPhone service is enabled in the Settings app it explicitly warns the user "This service will still have access to your location, even if you have location services turned off within Settings. Only proceed if you are happy with this. Apple won't share with anyone else, all other apps subject to normal controls, etc, etc".

    Admittedly turning off location services only blocks the feature to locate the phone, I was able to send a message to it even with location services off, but all a thief needs to do to completely disable all the features is to go to the MobileMe account setup in Settings and turn off the entire Find My iPhone service from there. Surely Apple should provide the ability to set a PIN code to protect the enable/disable for this critical security service.

    I know that a lot of people will say that people should have a PIN set for the main iPhone lock but some people who use the device a lot for apps, note taking, etc (like me) want instant access to the device and don't want to have to type in a PIN every time. Apple seem to explicitly acknowledge this class of user with the Find My iPhone features because one of the things it can do is remotely set a lock code which is a great feature but if the whole thing can be disabled so easily then it just doesn't seem worth it.

    So those are my complaints about the service:

    1) It should be possible to password protect the ability to switch off the service.

    2) There should be a way for the user to explicitly grant permission for the service to use location services, solely for the purpose of the Find My iPhone service reporting its location, even if the main location services setting within the Settings app is set to off.

    I will be emailing my suggestion to Apple but I wonder if people agree with me, or if I've somehow missed the place(s) where I can set up the above in the current (iOS 4.2.1) software.

    - Julian
     
  2. Phil A. Moderator

    Phil A.

    Staff Member

    Joined:
    Apr 2, 2006
    Location:
    Shropshire, UK
    #2
    Wirelessly posted (iPhone 4: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5)

    I sort of see your point, but if someone has access to your phone to turn off location services, they can just as easily disable find my iPhone from within the MobileMe setup.

    I'm actually happy that Apple don't have a backdoor to location services and that if you turn access to location services off, then nothing has access to your device's location.
     
  3. mKTank macrumors 68000

    mKTank

    Joined:
    Jul 2, 2010
    #3
    I think that when using the locate my iPhone feature, the carrier automatically activates the location service through the 3G connection. Makes sense.
     
  4. Tom G. macrumors 68000

    Tom G.

    Joined:
    Jun 16, 2009
    Location:
    Champaign/Urbana Illinois
    #4
    I am glad to see that you are letting Apple know of your issue with Find My iPhone. So many people come on here with a problem and never let Apple know of it. What are they supposed to do read the entries in every web site forum that may pertain to one of their products?

    That being said, I do not believe that there is any sort of HUGE (capitalized for emphasis) Design Flaw. It may not work the way you wish it would but that is all. You could call it a design flaw but certainly not a huge one.

    I agree that it would be neat to have the location services on/off protected by a password, but the vast majority of thieves will not know how to turn it off or remember to do it until to late anyway.

    I've used MobileMe and the Find My iPhone feature many times since I first got my iPhone 3GS and now with my iPhone 4, and have never had any problems with it. It seems to be even more accurate now with iOS 4.2, as it tries to pinpoint the room in my condo where the phone is.
     
  5. JulianL thread starter macrumors 65816

    Joined:
    Feb 2, 2010
    Location:
    London, UK
    #5
    Yeah. I did go on to complain about the ability to switch the whole thing off, as you describe, in my 4th paragraph.

    I see your point on that one. Maybe in the setup for Find My iPhone there should be two settings, the global On/Off switch but also an "Always allow the Find My iPhone service unconditional access to location services". When the second option is set to "Off" then the service obeys the main Location Services setting (like now) and when its set to "On" the service will ignore the global Location Services setting and grab the data anyway. I could set that second option to "On" and you could set it to "Off" and we'd both be happy.

    - Julian
     
  6. Runt888 macrumors 6502a

    Joined:
    Nov 17, 2008
    #6
    Apple never advertised it as a service to find stolen iPhones, they advertised it as a service to find lost iPhones. It doesn't matter how much they protect the settings, all the thief has to do is turn the phone off.
     
  7. anjinha macrumors 604

    anjinha

    Joined:
    Oct 21, 2006
    Location:
    San Francisco, CA
    #7
    But even if you had that thieves could easily just turn the phone off, disconnect it from the internet, restore it, etc.
     
  8. JulianL thread starter macrumors 65816

    Joined:
    Feb 2, 2010
    Location:
    London, UK
    #8
    Good point. My thread title is wrong because I was coming at this based on my assumption that this service was being promoted as helping with a theft but if Apple is being careful to only promote it for lost phones then it was inappropriate of me to claim these are design flaws.

    I do still think that my points would be useful enhancements but I accept the collective wisdom coming out here from people like you and Tom G. that these are not design flaws.

    - Julian
     
  9. Givmeabrek macrumors 68030

    Givmeabrek

    Joined:
    Apr 20, 2009
    Location:
    NY
    #9
    Just put in a passcode to lock your phone. Good grief..... :eek:
     
  10. anonymouz1828 macrumors regular

    Joined:
    Oct 19, 2009
    #10
    If you dont put password for the sake of fast productivity than protection, then it is the risk you are taking. Geek thieves can turn off the phone and restore at home too.
     
  11. JulianL thread starter macrumors 65816

    Joined:
    Feb 2, 2010
    Location:
    London, UK
    #11
    Just bother to read the 5th paragraph of my original post.

    - Julian
     
  12. Nicksd84 macrumors 6502

    Joined:
    Mar 4, 2010
    Location:
    Atlanta, GA
    #12
    For reals. The hyperbole of the title is funny. "Huge" design flaw. I think we all have tweaks we would like, but the way you frame it makes a lot of difference.

    Edit: I think we were posting at the same time. Just saw your above post. There's also a feature with the lock where u can make ur passcode lock independent of your screen lock so you don't have to enter in ur passcode all the time.
     
  13. ItsJustafnPhone macrumors 6502a

    Joined:
    Jul 26, 2010
    #13
    I stopped reading here
    you don't deserve to moan about security if you're too lazy to set a phone lock.

    You can have the best security system in the world, but you're a dumbass if you leave the front door unlocked
     
  14. CZK, Nov 25, 2010
    Last edited: Feb 27, 2011

    CZK macrumors 6502a

    Joined:
    Oct 25, 2010
    #14
  15. JulianL thread starter macrumors 65816

    Joined:
    Feb 2, 2010
    Location:
    London, UK
    #15
    Actually I do, on the stuff I care about. Any sensitive data on my phone is in AES-256 databases that are password protected and it's a PAYG phone so exposure there is limited to my PAYG balance. I really don't care if someone accesses my music, my ebooks, my games, my maps, my calculator and other utilities, or my non-sensitive notes so why put the global lock in the way of those?

    - Julian
     
  16. CZK, Nov 25, 2010
    Last edited: Feb 27, 2011

    CZK macrumors 6502a

    Joined:
    Oct 25, 2010
    #16

    DOes the phonelock fix that problem ?
    ________
    Yamaha xs360
     
  17. Dr Kevorkian94 macrumors 68020

    Joined:
    Jun 9, 2009
    Location:
    SI, NY
    #17
    yea u shouldn't be able to disable it, regardless the tittle was a little misleading but ur point is defiantly a serious problem. regardless it is a defiantly a awesome service. like the other day i went into my parents bedroom and i set my phone down on the black ruffled comforter, i left it there and i couldn't find it when i needed it. so i logged on and sent it a message and the locating noise went off and i found it right away. so as stupid as i was it was very useful.
     
  18. Armeniandave macrumors 6502

    Joined:
    Jun 12, 2010
    Location:
    San Diego
    #18
    I just went into restrictions and made it so you can't turn off the GPS or delete email accounts. They would need the password to disable it.

    Also leaving location services on has no effect on my battery as long as I'm not using it at the time. I have tried it with it turned off and on (without using it) and battery was the same. I think it used to be with the older firmwares that the GPS would drain a bit more battery but now it looks like it's only when something is using it. It shuts down completely in between uses.
     
  19. MadGoat macrumors 65816

    MadGoat

    Joined:
    Jul 30, 2007
    Location:
    Canada
    #19
    I made this argument months ago that I would like password protection on certain security aspects of the phone like location services and specifically the find my iPhone toggle.

    I was basically told to shut up and that the thief could simply remove the SIM (maybe this is why Apple wanted to integrate the SIM in next iPhone?)

    Something so integral to security shouldn't be so simple to disable.

    Edit:
    Ah it seems now that you can password protect you account and GPS (when was that officially introduced?)
     
  20. ItsJustafnPhone macrumors 6502a

    Joined:
    Jul 26, 2010
    #20
    you're not impressing anyone
    you clearly don't work in a very secure environment, otherwise your company would have clear guidelines that state any device that carries/transmits/receives sensitive information Must have a password /keylock
     
  21. Daveoc64 macrumors 601

    Joined:
    Jan 16, 2008
    Location:
    Bristol, UK
    #21
    Agreed.

    I don't need incredible security on my phone, there's simply nothing on it that I care about that much.

    It does confuse me why the feature can be turned off so easily.


    ...and these people rely on MobileMe!?
     
  22. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #22
    Exactly.
    I want alot of security too but I dont feel like locking my car doors or my home door.
    You know its too much work, I like to get in and out quick:rolleyes:
     
  23. JulianL thread starter macrumors 65816

    Joined:
    Feb 2, 2010
    Location:
    London, UK
    #23
    I'm not trying to impress anyone but you're certainly confusing me. I found your first post overly aggressive and was close to responding in kind but I thought that I'd look at some of your other posts and see if you were as personally abusive and un-necessarily combatitive with everyone. I then found this post (http://forums.macrumors.com/showthread.php?p=11476545&highlight) and thought it was exactly the sort of thing I would have said (although even that post had an aggressive tone to it). You appear to be a good and honest person with a sound moral code, something that seems to be becoming rarer and rarer nowadays. You talk about "chivalry and kindness to strangers" and yet you seem unable to debate issues without making personal attacks and extreme rhetoric. I'm a stranger and you seem to be treating me with very little civility let alone kindness. I'm confused.

    Anyway, just FYI, my phone is entirely for personal use so I have no company policy to adhere to. I also don't have push or fetch email set up; it's personal and I'm not that important. If I'm really expecting an email then it's gmail so I log onto the web interface with a browser, check my email, and then log off again.

    - Julian
     
  24. JulianL thread starter macrumors 65816

    Joined:
    Feb 2, 2010
    Location:
    London, UK
    #24
    I agree. Regardless of whether I and others think that it could be improved, it's already an awesome feature as it is; a really clever, innovative and useful feature that differentiates the iPhone from the competitors. (Does any other phone have anything similar?)

    - Julian
     
  25. sviato macrumors 68020

    sviato

    Joined:
    Oct 27, 2010
    Location:
    HR 9038 A
    #25
    you should be able to like brick the phone if its stolen or like completely shut it down and disable itunes from recognizing it so the thief wouldnt be able to use it.

    then if they take it to the apple store, unless they have id that matches the info of the phone # its tied to, the store wont fix or will return to rightful owner or let them know
     

Share This Page